On 29-Dec-2006, at 11:38, Ryan Steele wrote:
Although, you would think that, since /bin/sh is pretty much a
known quantity in POSIX, that either it or execv would default to
something sane
like that instead of the user's login shell, which on many systems
(especially
mail servers) are set to /bin/false,
If the shell is set to /bin/false then it is likely because the
admins do not WANT the users spawning shells.
Personally, I think the ability of procmail to spawn a shell that
overrides the user's default could fairly be considered a security
risk and if procmail were being developed that would likely be
something that would be removed and/or handled in an entirely
different way (perhaps something like chroot jail or something).
--
Against stupidity the gods themselves contend in vain.
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail